Google Cloud


Established enterprises have built up increasingly complex software environments

[Diagram: on-prem legacy apps, private-hosted apps and cloud apps, squeezed between the threat of vendor lock-in and the threat of new technology]

IT must now manage across legacy on-prem, private-hosted, and one or more public cloud environments
We want Hybrid with Modernization

- With minimal downtime
- By re-architecting monolithic architecture into microservices
- To lower our technical debt
- But need a design that seamlessly manages all our business lines
- And continue to use the same tools and APIs across environments

Migration options: Lift and shift / Transform / Greenfield / Hybrid approach
Legacy software development practice: An Example

- New requirement to launch / scale the mobile component of an existing app
- IT teams build the mobile backend based on the existing legacy architecture
- Difficult to migrate / break apart the existing app due to hard dependencies in the legacy on-prem environment
- At launch, unpredictable traffic spikes cause downtime
- The mobile component needs to be developed, configured, secured, and scaled differently in each environment it's deployed to
- Team decides to switch environments and replatform their app, forcing a full rewrite due to the inflexibility of legacy systems
SERVICE MESH       ISTIO+gRPC   Connect and secure applications
CI / CD            SPINNAKER    Manage applications
ORCHESTRATION      KUBERNETES   Run applications
CONTAINERIZATION   DOCKER       Package applications

Container based methods offer a flexible approach to infrastructure: applications aren't tied to underlying infrastructure or vendors, addressing issues of tight coupling.
01 Running Applications with Kubernetes

Kubernetes

- Automates deployment of applications on to any infrastructure
- A portable platform on top of which developers can build applications, so that they are easily ported, changed and redeployed
- A portability layer that abstracts away differences in underlying computer platforms
Kubernetes is a declarative way to describe your applications

[Diagram: applications are described through the Kubernetes API; the same Kubernetes runs on GCP (VPC, storage, routers, VMs) and on-prem / other clouds (VPC, storage, routers, firewalls, load balancers)]

Containers at Google
Google launches more than four billion containers every week globally

Full range of Google-run applications including Search, Gmail, and YouTube.

Inspired by Google's cluster manager, called Borg, which directs software tasks across vast machine clusters.

A culmination of Google's experience deploying resilient applications at scale.


02 Managing applications with Spinnaker

CI/CD on Google Cloud

[Diagram: Source Repository -> Cloud Build (build / test) -> Container Registry (artifact storage) -> Cloud Storage; third-party alternatives at each step include CSR, Bitbucket, Jenkins, Circle CI, Quay, Docker Hub and Codefresh]
Spinnaker 


Spinnaker is an open-source, multi-cloud, continuous delivery platform

Application deployment
Application management

Deployment Sequencing

Pipelines are built from stages, for example:
Find image (start from TEST) -> Deploy CANARY -> Wait 30 mins -> Cutover (manual approval) -> Deploy PROD (red/black) -> Wait 2 hrs -> Tear down CANARY -> Destroy old PROD
Deployment Strategies

[Diagram: traffic shifted behind a load balancer between the old and the new server group]
Safe Deployments

Execution Windows

- Restrict execution to specific time windows
- Days of the Week (no days selected implies execution on any day if triggered)
- Time of Day

[Screenshot: execution window configuration; "This stage will only run within the following windows (all times in PDT): from 07:00 to 10:00 on Tue". The pipeline view shows "Deploy (waiting for execution window)" with an option to skip the remaining window]
Manual Judgements

[Screenshot: Manual Judgment stage with the instructions "please approve this pipeline"]

Manual Rollbacks

[Screenshot: Server Group Actions menu with Rollback, Resize, Disable, Destroy and Clone]

Automated Rollbacks

Trigger a pipeline that does a rollback on a failed deployment

[Screenshot: a child pipeline named "rollback" configured with a Rollback Type, followed by a Wait stage that waits a specified period of time]
Connecting and Securing Applications with gRPC and Istio

Stubby at Google

Microservices at Google: O(10^10) RPC per second

Images by Connie Zhou

What did we learn from scaling Stubby?

- Contracts between services should be strict
- Common language helps
- Common understanding for deadlines, cancellations, flow control messages
- Common stats/tracing framework is essential for monitoring, debugging
- Common framework allows uniform policy application for control and load balancing

Single point of integration for logging, monitoring, tracing, service discovery and load balancing makes lives much easier!

Stubby to gRPC -> What Is gRPC?

gRPC Speaks Your Language

[Diagram: a Ruby client, an Android-Java client, a C++ service, a GoLang service, a Java service and a Python service all talking to each other through gRPC stubs and gRPC services]

gRPC Runs Everywhere

[Diagram: 3rd party apps and front end services on the external side, micro service architecture and backend & shared services on the internal side, all connected over gRPC in the cloud]


gRPC is:

Performant
- HTTP/2 performance: Multiplexing, Header Compression, Binary Framing
- Binary compact protos: Serialization time, size of message on wire, client and server compute time, network throughput
- Streaming is native to gRPC

Extensible
Easy
Widely Adopted

Service Mesh Integrations

Monitoring and Tracing: Prometheus, Zipkin, OpenTracing integrations
Service Discovery: etcd, Consul, Zookeeper as controller for gRPC-lb
Auth & Security: mTLS, plugin auth mechanism (e.g. OAuth)
Proxies: Nginx and others

Service Mesh

Transparently automate application network functions.

Separating applications (business logic) from network functions

"Everybody got all fired up about Kubernetes and microservices and then were like 'Wow, what's going on?' Istio lets us view our entire system and find trouble spots."

Anonymous early adopter
Istio is a service mesh. It is an open framework for connecting, securing, managing and monitoring services.

Secure, Monitor, Manage

Intelligent routing
- Dynamic route configuration
- A/B tests
- Canaries
- Gradually upgrade versions

Resilience
- Timeouts
- Retries
- Health checks
- Circuit breakers

Security & policy
- Mutual TLS
- Organizational policy
- Access policies
- Rate Limiting

Telemetry
- Service Dependencies
- Traffic Flow
- Distributed Tracing

How Istio works

[Diagram: a Frontend service calls a Payments service; the traffic (HTTP/1.1, HTTP/2, gRPC or TCP, with or without TLS) is transparently proxied by a sidecar proxy next to each service, and the services are unaware of the proxies. The Istio Control Plane consists of Pilot (discovery & config data to proxies), Mixer (policy checks, telemetry) and Citadel (TLS certs to proxies), driven through the Google Cloud Control Plane API]

Service architecture

[Diagram: on Google Cloud Platform, a Frontend calls Pictures, Payments, Auth and Users (backed by Cloud SQL); Payments calls an External Payment Processor outside Google Cloud]

Istio-enabling a service

Before (plain pod spec):

    spec:
      containers:
      - image: frontend:v2.0.17

After (sidecar proxy added to the pod):

    spec:
      containers:
      - image: frontend:v2.0.17
      - image: istio/proxy:v1.0
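The two-line pod spec above shows the idea; a complete manifest is more useful to anyone who wants to try it. What follows is an added example, not from the slides or the Istio project, that ties together the earlier point that Kubernetes is a declarative description of the application and the sidecar step just shown: instead of listing the istio/proxy container by hand, the namespace label istio-injection: enabled makes Istio's admission webhook inject the sidecar into every pod created there, and the frontend container itself runs unprivileged on a read-only filesystem. The namespace name shop, the service-account name, the port and the resource limits are assumptions; the image tag frontend:v2.0.17 is the one on the slide.

```yaml
# Added example (not from the deck): automatic sidecar injection at namespace
# level plus a hardened Deployment. Namespace, service account, port and
# resource values are assumptions chosen for illustration.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    istio-injection: enabled      # Istio's mutating webhook adds istio-proxy to each pod here
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: frontend
  namespace: shop                 # becomes the workload identity in the mesh certificate
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: shop
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend             # Istio's canonical labels, used for telemetry and subsets
        version: "2.0.17"
    spec:
      serviceAccountName: frontend
      containers:
      - name: frontend
        image: frontend:v2.0.17   # image from the slide; no sidecar container listed by hand
        ports:
        - containerPort: 8080
          name: http              # port name tells Istio which protocol to expect
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          limits:
            cpu: "500m"
            memory: "256Mi"
        volumeMounts:
        - name: tmp
          mountPath: /tmp         # scratch space, since the root filesystem is read-only
      volumes:
      - name: tmp
        emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: frontend
  namespace: shop
spec:
  selector:
    app: frontend
  ports:
  - name: http
    port: 80
    targetPort: 8080
```

After applying this, `kubectl get pod -n shop -o jsonpath='{.items[*].spec.containers[*].name}'` should list both `frontend` and the injected `istio-proxy` for every replica, which is the check that the sidecar is actually in the data path before any mesh policy is relied on.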
Service architecture with Istio

[Diagram: the same services on Google Cloud Platform, each now with a sidecar proxy (Frontend, Pictures, Payments); Payments still calls the External Payment Processor outside Google Cloud]

Steady state
In the past: traffic control tied to infrastructure

[Diagram: 10% canaries achieved by placing one Canary instance among nine Default instances behind the load balancer, so the split is dictated by instance counts]

With Istio: traffic flow separated from infrastructure

[Diagram: Istio load balancing sends 90% of traffic to Default and 10% of traffic to Canary regardless of how many instances of each exist]
Traffic steering

    destination: pictures.example.local
    match:
      httpHeaders:
        user-agent:
          regex: "^(.*?;)?(iPhone)(;.*)?$"
    precedence: 2
    route:
    - tags:
        version: 2.0-alpha
        env: staging
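The rule above is written in the pre-1.0 Istio route-rule syntax. As an added example that is not from the slides, here is the same steering rewritten for the networking.istio.io/v1beta1 API, extended with the 90%/10% canary split from the earlier slides and the resilience features (timeouts, retries, circuit breakers) listed under Istio's capabilities. The host pictures.example.local is the one the slide uses and is assumed to be a service in the mesh; the namespace shop, the subset names, the version labels and all timeout and ejection values are assumptions chosen for illustration.

```yaml
# Added example (not from the deck): header-based steering, weighted canary
# and resilience settings for the pictures service. Subset names, labels and
# every numeric value are assumptions.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: pictures
  namespace: shop
spec:
  hosts:
  - pictures.example.local
  http:
  # Rule 1 is evaluated first (this ordering replaces the old "precedence: 2"):
  # iPhone user agents are steered to the staging 2.0-alpha build.
  - match:
    - headers:
        user-agent:
          regex: "^(.*?;)?(iPhone)(;.*)?$"
    route:
    - destination:
        host: pictures.example.local
        subset: v2-alpha
    timeout: 5s
  # Rule 2 for everyone else: a 90/10 split that does not depend on how
  # many instances of each version are running.
  - route:
    - destination:
        host: pictures.example.local
        subset: default
      weight: 90
    - destination:
        host: pictures.example.local
        subset: canary
      weight: 10
    timeout: 5s                    # overall bound, including retries
    retries:
      attempts: 2
      perTryTimeout: 2s
      retryOn: 5xx,reset,connect-failure
---
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: pictures
  namespace: shop
spec:
  host: pictures.example.local
  trafficPolicy:
    connectionPool:
      http:
        http2MaxRequests: 100      # cap on concurrent requests from one proxy
    outlierDetection:              # circuit breaker: eject endpoints that keep failing
      consecutive5xxErrors: 5
      interval: 30s
      baseEjectionTime: 60s
      maxEjectionPercent: 50
  subsets:
  - name: default
    labels:
      version: "1.0"
  - name: canary
    labels:
      version: "1.1"
  - name: v2-alpha
    labels:
      version: 2.0-alpha
      env: staging
```

The subsets select pods by their version and env labels, which is why the canary pods only need a different label rather than a separate Service. Keep the retry budget small for anything that is not idempotent, since each retry is a repeated request against the backend.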
Regular Communication

[Diagram: Frontend talks to Payments directly, with no proxy in between]

Automatic secured Communication

[Diagram: Frontend and Payments each have a sidecar proxy; the proxies establish the connection between themselves using TLS certificates issued by Citadel in the Istio Control Plane]
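Automatic secured communication relies on Citadel issuing workload certificates, but nothing on the slides shows how an operator requires mTLS or restricts who may call Payments. As an added example (not from the deck), a PeerAuthentication in STRICT mode makes the sidecars reject any plaintext connection in the namespace, an empty AuthorizationPolicy denies all requests by default, and a second AuthorizationPolicy allows only the Frontend's service account to call Payments. The namespace shop, the service-account names and the path /charge are assumptions.

```yaml
# Added example (not from the deck): enforce mTLS for the namespace and
# restrict callers of Payments. Namespace, service accounts and path are
# assumptions.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT                   # reject plaintext; PERMISSIVE would still accept it
---
# Empty spec in a namespace-scoped policy: deny every request to workloads
# in the namespace unless another policy explicitly allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-by-default
  namespace: shop
spec: {}
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-callers
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments                # applies to the Payments sidecar only
  action: ALLOW
  rules:
  - from:
    - source:
        principals:                # identity taken from the peer certificate issued by Citadel
        - cluster.local/ns/shop/sa/frontend
    to:
    - operation:
        methods: ["POST"]
        paths: ["/charge"]
```

Because the principal is read from the client certificate, the rule cannot be satisfied by a forged header; it only holds if STRICT mode is in place, since in PERMISSIVE mode a plaintext caller carries no principal at all. A quick check is to exec into a pod that does not use the frontend service account and confirm a request to payments is refused.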
Recap: ISTIO+gRPC connect and secure applications; SPINNAKER manages applications; KUBERNETES runs applications; DOCKER packages applications.

Some important links

https://cloud.google.com/solutions/hybrid-and-multi-cloud-patterns-and-practices

10201 - Best practices using Kubernetes, Spinnaker and Istio to Manage a Multi-cloud Environment

Best Practices from Google SRE: How You Can Use Them with GKE + Istio

https://cloud.google.com/containers/

https://cloud.google.com/kubernetes-engine/

https://cloud.google.com/istio/
Thank you

Google Cloud


